[Snort-users] Snort Archive Database Creation Script
pauls at ...6838...
Fri Jul 30 23:43:04 EDT 2004
--On Friday, July 30, 2004 5:52 PM -0700 Charles Heselton
<charles.heselton at ...11827...> wrote:
> Hi all. Don't know if this question has been asked before. I wasn't
> able to find too much on google or the list archive.
> I would like to be able to archive events picked up by my snort IDSs.
> Now, I know that ACID has this functionality. But I also know that
> you have to have the database backend. Does anyone know if 1) the DB
> setup script that comes with the snort package will work for the
> "snort-archive" db?
Yes, it will, but first you have to create the database.
or 2) if there's a snort-archive db setup script
> that I missed in the package?
No, there is not.
or 3) is there a 3-rd party script some
> where out there in userland?
There could be, but I'm not aware of one.
> I'm not the most savvy mysql DBA, so it
> would be non-trivial for me to try to set up the db myself.
Then you're going to have to start reading. Mysql.com has very good
documentation, or you can buy a book on mysql.
To create a database, you log in to mysql:
% mysql -u root -p (you'll be prompted for the password)
Once you've logged in successfully, you'll need to create the database:
mysql > create database snort_archive; (or whatever you want to name it)
Then you have to grant rights to the database to the user that will be
mysql > grant select,insert,create,delete on snort_archive.* to
user at ...274...;
mysql > quit;
Then you can create the tables for the database like this:
% mysql -u root -p snort_archive < /path/to/create_mysql
The create_mysql script comes with the snort distribution.
> Any guidance would be appreciated.
Hope this helps.
Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
More information about the Snort-users